I don't think that this is a false positive - it is detected as 'Win32/PSWTool.RAS.A application' if you have checking for Potentially Dangerous Applications enabled (which is not enabled by default) HTH

Don't usually hang here. NOD works very well for me. And, yes, I have that checked. I haven't even run the exe as I don't have XP on this machine. (There is an XP machine in the house and help with others so just being careful.) Since NOD catching something is fairly rare for me I thought I'd check in and just post an FYI so the info was out there.

Don't usually hang here. NOD works very well for me. And, yes, I have that checked. I haven't even run the exe as I don't have XP on this machine. (There is an XP machine in the house and help with others so just being careful.) Since NOD catching something is fairly rare for me I thought I'd check in and just post an FYI so the info was out there.

RockXP isn't really all that new, and it is NOT a FP. As with most tools that can pull passwords from protected areas of this system this program is seen as a PDA. Symantec Corp v10 and above and KAV both detect it (from personal experience).

So it's either exclude the PDAs from being scanned or exclude that particular file in AMON.